src/Security/Voter/GaugeReadingVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Gauge\GaugeReading;
  6. use App\Entity\User;
  7. use App\Repository\Gauge\GaugeReadingRepository;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. class GaugeReadingVoter extends Voter
  14. {
  15. // these strings are just invented: you can use anything
  16. const EDIT = 'edit';
  17. const DELETE = 'delete';
  18. /**
  19. * @var Security
  20. */
  21. private Security $security;
  22. /**
  23. * @var EntityManagerInterface
  24. */
  25. private EntityManagerInterface $entityManager;
  27. public function __construct(Security $security, EntityManagerInterface $entityManager)
  28. {
  29. $this->security = $security;
  30. $this->entityManager = $entityManager;
  31. }
  33. protected function supports(string $attribute, $subject): bool
  34. {
  35. // if the attribute isn't one we support, return false
  36. if (!in_array($attribute, [self::EDIT, self::DELETE], true)) {
  37. return false;
  38. }
  40. // only vote on `GaugeReading` objects
  41. if (!$subject instanceof GaugeReading) {
  42. return false;
  43. }
  45. return true;
  46. }
  48. protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
  49. {
  50. $loggedUser = $token->getUser();
  52. if (!$loggedUser instanceof User) {
  53. // the user must be logged in; if not, deny access
  54. return false;
  55. }
  57. // you know $subject is a Post object, thanks to `supports()`
  58. /** @var GaugeReading $targetGauge */
  59. $targetGaugeReading = $subject;
  61. switch ($attribute) {
  62. case self::EDIT:
  63. return $this->canEdit($targetGaugeReading, $loggedUser);
  64. case self::DELETE:
  65. return $this->canDelete($targetGaugeReading, $loggedUser);
  66. }
  68. throw new \LogicException('This code should not be reached!');
  69. }
  72. /**
  73. * @param GaugeReading $targetGaugeReading
  74. * @param User $loggedUser
  75. * @return bool
  76. */
  77. private function canEdit(GaugeReading $targetGaugeReading, User $loggedUser): bool
  78. {
  79. if (!$this->security->isGranted('view', $targetGaugeReading->getGauge())) {
  80. return false;
  81. }
  83. if ($this->security->isGranted('ROLE_CAN_EDIT_ALL_GAUGE_READINGS')) {
  84. return true;
  85. }
  87. if ($this->isLast($targetGaugeReading) && $this->security->isGranted('ROLE_CAN_EDIT_LAST_GAUGE_READINGS')) {
  88. return true;
  89. }
  91. return false;
  92. }
  94. /**
  95. * @param GaugeReading $targetGaugeReading
  96. * @param User $loggedUser
  97. * @return bool
  98. */
  99. private function canDelete(GaugeReading $targetGaugeReading, User $loggedUser): bool
  100. {
  101. if (!$this->security->isGranted('view', $targetGaugeReading->getGauge())) {
  102. return false;
  103. }
  105. if ($this->security->isGranted('ROLE_CAN_DELETE_ALL_GAUGE_READINGS')) {
  106. return true;
  107. }
  109. if ($this->isLast($targetGaugeReading) && $this->security->isGranted('ROLE_CAN_DELETE_LAST_GAUGE_READINGS')) {
  110. return true;
  111. }
  113. return false;
  114. }
  116. /**
  117. * @param GaugeReading $targetGaugeReading
  118. * @return bool
  119. */
  120. private function isLast(GaugeReading $targetGaugeReading): bool
  121. {
  122. /** @var GaugeReadingRepository $grRepository */
  123. $grRepository = $this->entityManager->getRepository(GaugeReading::class);
  124. $lastGr = $grRepository->getLastForGauge($targetGaugeReading->getGauge());
  126. if ($lastGr !== null && $lastGr->getId() === $targetGaugeReading->getId()) {
  127. return true;
  128. }
  130. return false;
  131. }
  132. }